Launchpad CVE tracker

CVE 2008-0010

The copy_from_user_mmap_sem function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which allow local users to read from arbitrary kernel memory locations.

Related bugs and status

CVE-2008-0010 (Candidate) is related to these bugs:

Bug #190587: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

		In	Importance	Status
190587	Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)	linux-source-2.6.22 (Ubuntu)	High	Fix Released
190587	Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)	Gentoo Linux	Undecided	Fix Released
190587	Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)	Debian	Unknown	Fix Released
190587	Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)	linux (Ubuntu)	High	Fix Released
190587	Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)	linux (Fedora)	Critical	Fix Released
190587	Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)	linux-source-2.6.20 (Ubuntu)	High	Fix Released
190587	Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)	linux-source-2.6.17 (Ubuntu)	High	Fix Released
190587	Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)	Mandriva	Critical	Fix Released
190587	Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)	linux-source-2.6.15 (Ubuntu)	Undecided	Invalid
190587	Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)	CentOS	Critical	Fix Released
190587	Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)	Ubuntu	Undecided	Fix Released
190587	Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)	gplcver (Ubuntu)	Undecided	Invalid
190587	Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)	Linux	High	Fix Released

Bug #190591: mmap() local root exploit (via sys_vmsplice)

Summary				In	Importance	Status
	190591	mmap() local root exploit (via sys_vmsplice)		linux-source-2.6.22 (Ubuntu)	Undecided	New
	190591	mmap() local root exploit (via sys_vmsplice)		linux (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2008-0010

References